The Hackaday community is currently working on an offline password keeper, aka Mooltipass. The concept behind this product is to minimize the number of ways your passwords can be compromised, while generating and storing long and complex random passwords for the different websites you use daily. The Mooltipass is a standalone device connected through USB and is compatible with all major operating systems on PCs, Macs and Smartphones. More details on the encryption and technical details can be found on our github repository readme or by having a look at all the articles we previously published on Hackaday.

Our beta testers are now using their prototypes daily and their feedback allowed us to considerably improve the Mooltipass. The firmware development is coming to an end as most functionalities have been implemented in the last few weeks. The development team is therefore turning his attention to the Chrome/Firefox plugins and needs your help to finish them in a timely manner. As you can guess, our goal is to provide a slick and intuitive interface for all of the Mooltipass features. If you have (a lot of) spare time, knowledge of the browsers APIs, feel free to leave a comment below with a valid email address!

Just wanted to say that I like the direction Hackaday is taking. I was afraid SupplyFrame would break Hackaday original spirit but not, everything is still pretty much the same, except a little better.

That’s it, people always remember to complain and forget to compliment. I just wanted to say that you guys are doing a great job, please continue!

An app that communicates with our HID device and an extension that scans for the input fields on the different pages the user browses.
Most of the work has already been done, we’re currently trying to improve website compatibility and user friendliness.

Is the feature of encryption between mooltipass and the browser plugin gonna be implemented at all? (to mitigate sniffing) I mentioned this before as feedback but did not received any comments from you Mathieu

wait what? are you saying you guys are using static, symmetric encryption? does this mean that if i get my hands on your device, i can know your actual passwords?

If the above is not true then you do have access to non-static keys that can be used for asymmetric crypto. You could use Diffie-Hellman to establish keys and then bob’s your uncle. or you could use something like RSA to send data that can only be decoded on-device with the (generated) private key.